Online security

US scrutinizes Alibaba’s cloud unit for national security risks

WASHINGTON — The Biden administration is reviewing e-commerce giant Alibaba’s cloud operations to determine whether they pose a national security risk to the United States, according to three people briefed on the matter, as the government steps up scrutiny of the relationship between Chinese technology companies and American companies. .

The investigation focuses on how the company stores US customer data, including personal information and intellectual property, and whether the Chinese government could access it, the sources said. Beijing’s potential to disrupt US users’ access to their information stored on Alibaba’s cloud is also of concern, one of the people said.

U.S. regulators could ultimately choose to force the company to take action to reduce the risks posed by cloud activity or ban Americans at home and abroad from using the service. U.S.-listed Alibaba shares fell nearly 3% before the market opened on Tuesday and were last trading just over 1%.

Former President Donald J. Trump’s Commerce Department was concerned about Alibaba’s cloud business, but the Biden administration launched the official review after he took office in January, according to one of the three people and a former Trump administration official.

Alibaba’s cloud business in the United States is small, with estimated annual revenue of less than $50 million, according to research firm Gartner, Inc. But if regulators ultimately decide to block transactions between American companies and Alibaba Cloud, it would hurt the bottom line of one of the company’s most promising businesses and deal a blow to the company’s reputation as a whole.

A Commerce Department spokesperson said the agency does not comment on “the existence or non-existence of transaction reviews.” The Chinese Embassy in Washington did not respond to a request for comment.

Alibaba declined to comment. It flagged similar concerns about its U.S. business in its latest annual report, saying U.S. companies that have contracts with Alibaba “may be barred from continuing to do business with us, including from performing their obligations under agreements involving our… cloud services”.

The investigation of Alibaba’s cloud activity is conducted by a small Commerce Department office known as the Intelligence and Security Bureau. It was created by the Trump administration to wield sweeping new powers to prohibit or restrict transactions between U.S. companies and internet, telecom and tech companies from “adversarial foreign” countries like China, Russia , Cuba, Iran, North Korea and Venezuela.

The bureau has been particularly focused on Chinese cloud providers, one of the sources said, amid growing concerns over the potential for data theft and access disruption by Beijing.

The Trump administration issued a warning in August 2020 against Chinese cloud providers, including Alibaba, “to prevent the most sensitive personal information of American citizens and the most valuable intellectual property of our companies…from being stored and processed on cloud-based systems accessible to our foreigners”. opponents. »

Cloud servers are also considered ripe for hackers to launch cyberattacks as they can conceal the origin of the attack and provide access to a wide range of client networks.

While there are few public cases of the Chinese government forcing a tech company to hand over sensitive customer data, the indictments of Chinese hackers reveal their use of cloud servers to access private information.

For example, hackers connected to China’s Ministry of State Security broke into HPE’s cloud computing service and used it as a launching pad to attack customers, looting tons of company secrets and government officials for years in what U.S. prosecutors say is an effort to boost Chinese economic interests. .

Alibaba, the world’s fourth-largest cloud computing provider according to research firm Canalys, has around 4 million customers and describes its cloud business as its “second pillar of growth”. Its revenue grew 50% to $9.2 billion in 2020, despite the division accounting for just 8% of overall sales.

According to press releases, he has business relationships with units of major US companies, including Ford Motor Co., IBM’s Red Hat and Hewlett Packard Enterprise.

Although the Trump-era sweeping powers don’t cover foreign affiliates of U.S. companies, U.S. regulators have already found ways to tie them to their U.S. parent companies, which in turn may be subject to restrictions.

Before tech tensions between the United States and China began to boil, Alibaba had big ambitions for its cloud business in the United States. In 2015, it launched a cloud computing hub in Silicon Valley, its first outside China, with plans to compete with, Inc., Microsoft Corp. and Alphabet Inc. Google. It then added additional data centers there and in Virginia.

A person familiar with the matter said the company cut its U.S. bet during Trump’s presidency as tensions with China escalated.

In 2018, US authorities blocked a bid by Alibaba subsidiary Ant Financial, now Ant Group, to acquire US money transfer company MoneyGram International, Inc. on national security grounds. But a move to put Ant Group on a commercial blacklist failed, and an executive order banning its Alipay mobile payment app was revoked by President Joseph R. Biden, Jr.

Mr. Biden, like Trump, has increasingly imposed restrictions on Chinese businesses. Last month, the US government imposed investment and export restrictions on dozens of Chinese companies, including major drone maker DJI, accusing them of complicity in the oppression of China’s Uyghur minority or aiding the ‘army. — Reuters